The Hacker News — Cyber Security, Hacking, Technology News

Cyber criminals are infecting thousands of computers around the world with malware and using the compromised machines to break into Point-of-Sale (PoS) terminals by brute force, say researchers from FireEye. The attackers have already compromised 60 PoS terminals by guessing remote administration credentials over poorly secured connections.

The new botnet campaign, dubbed BrutPOS, aims to steal payment card information from POS systems and other places where payment data is stored, by targeting Microsoft Remote Desktop Protocol (RDP) servers that were protected by weak, easily guessed passwords.

Because they track inventory and keep accurate records, Point-of-sale (POS) machines are used worldwide and can be set up easily, depending on the nature of the business. But POS systems are also critical components of any retail environment, and their users are often unaware of the emerging threats they face.

A group of three FireEye researchers, Nart Villeneuve, Joshua Homan and Kyle Wilhoit, found that 51 of the 60 compromised Remote Desktop Protocol (RDP) servers were located in the United States. It is really shameful that the most common username on the breached servers was “administrator” and the most common passwords were “pos” and “Password1”.

Researchers at FireEye have uncovered five BrutPOS command-and-control (CnC) servers, set up in late May and early June; three are now offline and the two still active are both based in Russia. Only a small fraction of the bots are active at any given time.

The campaign has been active since at least February this year. According to the latest count, the cyber criminals are running 5,622 bots in 119 countries; most of them appear to be located in Eastern Europe, most likely Ukraine or Russia, judging by the language used in the interfaces and logs.

"The infected system begins to make connections to port 3389; if the port is open it adds the IP to a list of servers to be brute forced with the supplied credentials," FireEye researchers Nart Villeneuve, Josh Homan and Kyle Wilhoit wrote in a blog post. "If the infected system is able to successfully brute force an RDP server, it reports back with credentials."

Once the BrutPOS malware successfully guesses the remote access credentials of an RDP-enabled system, the attacker uses them to install malware on that system, which then extracts payment card information from the memory of the applications running on it.
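The scan-and-guess stage FireEye describes above leaves a recognisable trace on the target: a burst of failed RDP logons from one source, sometimes followed by a success. The following detector is an added example, not code from FireEye or from this article. It runs over a constructed list of simplified Windows Security events using the real field names EventID (4625 = failed logon, 4624 = successful logon), LogonType (10 = RemoteInteractive, i.e. RDP) and IpAddress; the window and threshold values are assumed tuning choices, and the usernames in the sample are the ones the article names as most common.

```python
"""Detect RDP password-guessing bursts in Windows Security events.

Added example; not code from the FireEye write-up or from this article.
Input is a constructed list of simplified Security-log records using the
real field names EventID (4625 = failed logon, 4624 = successful logon),
LogonType (10 = RemoteInteractive, i.e. RDP) and IpAddress. A real deployment
would feed these from an event-log export or a SIEM.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # look-back window per source IP (assumed tuning value)
THRESHOLD = 10                  # failed RDP logons within WINDOW that count as guessing
RDP_LOGON_TYPE = 10             # Logon Type 10 = RemoteInteractive (RDP)

# Constructed sample events: (timestamp, EventID, LogonType, TargetUserName, IpAddress).
# 198.51.100.7 hammers "administrator" and "pos", the usernames the article names as
# most common, and then succeeds; 192.0.2.10 is a clerk mistyping a password once.
SAMPLE_EVENTS = [
    ("2014-06-01 10:00:%02d" % s, 4625, 10, user, "198.51.100.7")
    for s, user in enumerate(["administrator"] * 8 + ["pos"] * 4)
] + [
    ("2014-06-01 10:00:13", 4624, 10, "pos", "198.51.100.7"),        # guess succeeded
    ("2014-06-01 10:01:00", 4625, 10, "clerk", "192.0.2.10"),        # isolated failure
    ("2014-06-01 10:01:30", 4624, 10, "clerk", "192.0.2.10"),
    ("2014-06-01 10:02:00", 4625, 3, "svc-backup", "198.51.100.7"),  # network logon, not RDP
]


def parse(event):
    ts, event_id, logon_type, user, ip = event
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), event_id, logon_type, user, ip


def detect_rdp_guessing(events, window=WINDOW, threshold=THRESHOLD):
    """Return {source_ip: finding} for every source whose failed RDP logons reach
    `threshold` inside a sliding `window`. A finding records the usernames tried,
    when the burst started, and whether an RDP logon from that source later
    succeeded (the point at which the bot would report credentials back)."""
    recent = defaultdict(deque)   # ip -> (timestamp, username) of failures still in window
    findings = {}
    for event in sorted(events, key=lambda e: e[0]):
        ts, event_id, logon_type, user, ip = parse(event)
        if logon_type != RDP_LOGON_TYPE:
            continue                      # only RemoteInteractive logons matter here
        q = recent[ip]
        while q and ts - q[0][0] > window:
            q.popleft()                   # expire failures older than the window
        if event_id == 4625:
            q.append((ts, user))
            if len(q) >= threshold:
                f = findings.setdefault(ip, {"usernames": set(), "first_seen": q[0][0],
                                             "succeeded": False, "account": None})
                f["usernames"].update(u for _, u in q)
        elif event_id == 4624 and ip in findings:
            findings[ip]["succeeded"] = True   # guessing followed by a valid RDP logon
            findings[ip]["account"] = user
    return findings


if __name__ == "__main__":
    for ip, f in detect_rdp_guessing(SAMPLE_EVENTS).items():
        print(ip, sorted(f["usernames"]), "succeeded as",
              f["account"] if f["succeeded"] else "nobody")
```

A burst that ends in a 4624 from the same source is the case to escalate first: it means a guessed password worked, and the host should be treated as compromised rather than merely probed. Restricting the rule to Logon Type 10 keeps service and network logons from inflating the count.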

The malware also attempts to obtain debug permissions, most likely in order to identify POS configurations. If it succeeds in getting those permissions it runs an executable; if it fails, it copies itself to %WINDIR%\lsass.exe and installs itself as a service.
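The fallback persistence described above, a service whose binary is named lsass.exe but sits in %WINDIR% rather than %WINDIR%\System32, is easy to hunt for in a service inventory. The check below is an added example, not code from FireEye or from this article; the inventory it scans is constructed, and on a real host the ImagePath values would be read from the registry under HKLM\SYSTEM\CurrentControlSet\Services or from `sc qc`. The list of protected process names is my own choice of core Windows binaries that legitimately run only from System32.

```python
"""Flag services whose binary borrows a core Windows process name but does not
live in %WINDIR%\\System32, the persistence pattern described above.

Added example; not code from FireEye or from this article. The service
inventory is constructed; on a real host it would come from the registry
(HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>\\ImagePath) or `sc qc`.
"""
import ntpath

# Core Windows binaries that legitimately run only from %WINDIR%\System32.
PROTECTED_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "wininit.exe",
                   "winlogon.exe", "services.exe", "svchost.exe"}

# Constructed sample inventory; "LSM-Helper" mimics the %WINDIR%\lsass.exe
# service the article describes, "Updater" drops a fake svchost.exe elsewhere.
SAMPLE_SERVICES = [
    {"name": "LSM-Helper", "image_path": r"%WINDIR%\lsass.exe"},
    {"name": "Spooler",    "image_path": r"C:\Windows\System32\spoolsv.exe"},
    {"name": "Dnscache",   "image_path": r"%SystemRoot%\System32\svchost.exe -k NetworkService"},
    {"name": "POSAgent",   "image_path": r'"C:\Program Files\Vendor POS\posagent.exe" /service'},
    {"name": "Updater",    "image_path": r"C:\Users\Public\svchost.exe"},
]


def binary_path(image_path, windir=r"C:\Windows"):
    """Reduce an ImagePath value to the executable it launches: strip quotes and
    service arguments, expand %WINDIR%/%SystemRoot%, and lower-case for comparison."""
    p = image_path.strip()
    if p.startswith('"'):
        p = p[1:p.find('"', 1)]                 # quoted path, arguments follow the quote
    else:
        i = p.lower().find(".exe")
        if i != -1:
            p = p[:i + 4]                       # unquoted path, cut after the .exe
    for var in ("%WINDIR%", "%windir%", "%SystemRoot%"):
        p = p.replace(var, windir)
    return p.lower()


def find_masquerading_services(services, windir=r"C:\Windows"):
    """Return (service name, binary path) for services whose executable uses a
    protected name from anywhere other than %WINDIR%\\System32."""
    legit_dir = ntpath.join(windir, "System32").lower()
    findings = []
    for svc in services:
        path = binary_path(svc["image_path"], windir)
        directory, name = ntpath.split(path)
        if name in PROTECTED_NAMES and directory != legit_dir:
            findings.append((svc["name"], path))
    return findings


if __name__ == "__main__":
    for name, path in find_masquerading_services(SAMPLE_SERVICES):
        print(f"suspicious service {name}: {path}")
```

Comparing the directory rather than just the file name is what makes the check useful: the genuine lsass.exe and svchost.exe are expected on every host, so only a protected name in an unexpected location is worth an alert.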

The FireEye researchers also built a honeypot to understand the attackers' intentions. They set up fake POS software, left some fake credit card details on the desktop and allowed the attackers to compromise it. They issued signals mimicking infection and watched as the attackers popped its RDP login and crawled around the box trying to open the installed PoS software, before formatting the drive to erase their trail.

In the past we have seen many massive data breaches targeting POS machines, such as the Target data breach, in which over 40 million credit and debit cards were stolen from the third-largest U.S. retailer, and the breaches at multiple other retailers, including Neiman Marcus and Michaels Stores, involving the theft of possibly 110 million credit and debit cards and personal information.

Point-of-sale (POS) is the hottest topic in payment structures, and it's one of the most popular technology topics as well. A POS machine is a computerized replacement for a cash register. It has the ability to quickly process a customer's transaction, keep accurate records, process credit and debit cards, connect to other systems in a network, and manage inventory.

A basic POS system consists of a computer at its core, loaded with application-specific programs for the environment in which it will serve, along with a cash drawer, barcode scanner, receipt printer and the appropriate POS software. POS terminals are used in most industries that have a point of sale, such as a service desk, including restaurants, lodging, entertainment and museums.

Last week I read an excellent book entitled 'Hacking Point of Sale', written by Slava Gomzin, that summarizes, systemizes and shares knowledge about payment application security.

In the book, the author covers all aspects of card payment processing from the security point of view, which rests mainly on confidentiality, integrity and availability.

In the past few months we have seen many massive data breaches targeting POS machines; the largest was the Target data breach, which occurred during the last Christmas holidays. Over 40 million credit and debit cards, used to pay for purchases at the third-largest U.S. retailer's 1500 stores nationwide, were stolen.

Target was not alone: multiple retailers, including Neiman Marcus and Michaels Stores, were also targeted, in a heist of possibly 110 million credit and debit cards and personal information.

Target and other retailers later confirmed that malware had been embedded in the point-of-sale (POS) equipment at their checkout counters to collect card data as credit cards were swiped during transactions. In other words, the theft took place inside the companies' POS systems.

The book 'Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions' is all about in-depth technical information on attacks and vulnerabilities in point-of-sale (POS) systems, along with extensive knowledge about mitigation and protection measures.

THE BOOK WALKS THE READER THROUGH -

Technological overview of electronic payment systems

POS applications architecture

Communication protocols

Attacks on point-of-sale systems

Step-by-step explanation of credit card fraud processes

POS payment application vulnerabilities and non-software attacks

Weak encryption mechanisms and poor key management

How to prevent attacks on payment applications using cryptography

How to protect the cardholders' sensitive information

How to protect the application itself by utilizing client and server certificates, digital signatures, and code obfuscation

From a security perspective, the most critical risk lies in the payment process: if the information customers hand over is captured somehow, cyber criminals can use it to commit credit card fraud.

Also, many point-of-sale (POS) terminals are built on embedded versions of Microsoft Windows, which means it is trivial for an attacker to develop malware that runs on a POS terminal.

Attackers can also steal the information by exploiting weaknesses in the point-of-sale (POS) environment, such as unprotected memory, unencrypted network transmission, poorly encrypted disk storage, the card reader interface, or a compromised PIN pad device.
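Several of the weaknesses listed above (unencrypted transmission, poorly encrypted disk storage) come down to cardholder data existing in the clear where it should not. A routine defensive check is to scan logs, configuration dumps and crash files on the POS host for cleartext Track 2 records and bare PANs, validated with the Luhn check so numeric noise is ignored. The scanner below is an added example, not code from the book or from this article; the sample files and their contents are constructed, the card numbers in them are published test numbers, and the file paths are invented.

```python
"""Scan stored text (logs, config dumps, swap/crash files) for cleartext
cardholder data: Track 2 records and bare PANs that pass the Luhn check.

Added example; not code from the book or from this article. The sample files
are constructed and use published test card numbers; real use would walk the
POS host's disk (and could be applied to captured network payloads as well).
"""
import re

# Track 2 layout: ';' start sentinel, 13-19 digit PAN, '=' separator,
# YYMM expiry, service code and discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})\d*\?")
# A bare PAN: 13-19 digits not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")

SAMPLE_FILES = {   # constructed content; 4111... and 4532... are common test PANs
    r"C:\POS\logs\debug.log": (
        "2014-06-01 10:00:01 swipe ok ;4111111111111111=15121011000012340000?\n"
        "2014-06-01 10:00:02 auth ok ref=4532015112830366 amount=12.50\n"
        "2014-06-01 10:00:03 ticket id=1234567890123 (not a card)\n"
    ),
    r"C:\POS\logs\ok.log": "2014-06-01 10:00:04 auth ok token=411111******1111\n",
}


def luhn_ok(digits):
    """Luhn check-digit validation, used to reject numeric noise such as ticket ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2   # double every second digit, fold >9
        total += d
    return total % 10 == 0


def mask(pan):
    """Keep first six and last four digits so findings can be reported safely."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_text(text):
    """Return (kind, masked PAN, offset) for each Luhn-valid Track 2 record or bare PAN."""
    findings, covered = [], []
    for m in TRACK2_RE.finditer(text):
        if luhn_ok(m.group(1)):
            findings.append(("track2", mask(m.group(1)), m.start()))
            covered.append((m.start(), m.end()))
    for m in PAN_RE.finditer(text):
        if any(s <= m.start() < e for s, e in covered):
            continue                          # PAN already reported as part of a track
        if luhn_ok(m.group(1)):
            findings.append(("pan", mask(m.group(1)), m.start()))
    return findings


def scan_files(files):
    """Map each path to its findings; `files` is {path: text content}."""
    return {path: scan_text(text) for path, text in files.items()}


if __name__ == "__main__":
    for path, hits in scan_files(SAMPLE_FILES).items():
        for kind, masked, offset in hits:
            print(f"{path}: {kind} {masked} at offset {offset}")
```

The scanner reports only masked values, so its own output does not become another cleartext copy of the data. A Track 2 hit in a debug log is the more serious finding, since the full track is exactly what a memory scraper on the same host would be looking for, and it indicates the application is logging swipe data it should never retain.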

There are more than a billion active credit and debit card users in the US alone, making them an attractive target for financially motivated hackers. In 2011, POS terminals and payment card information were involved in almost 48% of security breaches, more than any other type of data.

Because of a lack of concern and security measures, point-of-sale (POS) systems have become an attractive target for cybercriminals; to counter the coming threats, we need to understand their architecture, the areas open to attack and the defensive measures.

Whether you are a developer, security architect, QA analyst, security researcher or a hacker, this book is for you: it offers in-depth research on point-of-sale (POS) systems, how they work, how they could be exploited, and what protection measures should be taken.